# This setup is a bit out of the ordinary for a staging system. As the openqa
# scheduler needs up-to-date information from the wiki and koji, it doesn't
# work well as a proper staging host.
#
# We decided to keep it a pseudo-staging host that will get new versions of
# openqa first and will be a staging host for most intensive purposes but from
# a firewall rule POV, it will be a staging-friendly production host
#
# it should still be using the stg proxies and the external hostname will still
# be stg.fedoraproject.org

# this is to enable nested virt, which we need for disk image creation
virt_install_command: "{{ virt_install_command_one_nic }} --cpu=host-passthrough,+vmx"

deployment_type: stg
# this won't really work, there's not going to be any way to get at
# the webui from outside the box, but we gotta set it to something
external_hostname: openqa.oneboxtest.fedoraproject.org
# makes sure it sends stg not prod fedmsgs
fedmsg_env: stg
freezes: false
gw: 10.3.174.254

# we need this bigger on stg to handle Rawhide updates, if we enable
# Rawhide update testing in prod we can just move this to servers_common
openqa_assetsize_updates: 260
openqa_compose_arches: x86_64
openqa_dbname: openqa-onebox
openqa_dbpassword: "{{ stg_openqa_dbpassword }}"
openqa_dbuser: openqastg
openqa_dbhost: localhost
openqa_dbhost_delegate: "{{ inventory_hostname }}"
openqa_env: staging
openqa_env_prefix: stg-
# this is because openqa staging isn't really a staging host
# we don't want to set env_suffix to stg on it because that may
# break some other plays, but we do need the env suffix for the
# fedora-messaging bits, so let's make our own
openqa_env_suffix: .stg
openqa_key: "{{ stg_openqa_apikey }}"
# install openQA from updates-testing - this is staging, we live
# ON THE EDGE (radical guitar riff)
openqa_repo: updates-testing
openqa_secret: "{{ stg_openqa_apisecret }}"
openqa_update_arches: ['x86_64']

# copied from openqa_servers_common, we don't want everything from there though
ipa_client_shell_groups:
  - fi-apprentice
  - sysadmin-noc
  - sysadmin-qa
  - sysadmin-veteran
ipa_client_sudo_groups:
  - sysadmin-qa
ipa_host_group: openqa-servers
ipa_host_group_desc: OpenQA servers
# we need this for all our fedora-messaging consumers as they are not
# allowed to create queues on the infra AMQP broker, by broker config
openqa_amqp_passive: true
openqa_amqp_publisher_exchange: "amq.topic"
openqa_amqp_publisher_cacertfile: "/etc/fedora-messaging/{{ openqa_env_prefix }}cacert.pem"
openqa_amqp_publisher_certfile: "/etc/pki/fedora-messaging/openqa{{ openqa_env_suffix }}-cert.pem"
openqa_amqp_publisher_keyfile: "/etc/pki/fedora-messaging/openqa{{ openqa_env_suffix }}-key.pem"
openqa_amqp_scheduler_cert: /etc/pki/fedora-messaging/openqa-cert.pem
openqa_amqp_scheduler_key: /etc/pki/fedora-messaging/openqa-key.pem
openqa_amqp_scheduler_queue: "openqa{{ openqa_env_suffix }}_scheduler"
openqa_amqp_scheduler_routing_keys: ["org.fedoraproject.prod.pungi.compose.status.change", "org.fedoraproject.prod.bodhi.update.request.testing", "org.fedoraproject.prod.bodhi.update.edit", "org.fedoraproject.prod.bodhi.update.status.testing.koji-build-group.build.complete", "org.fedoraproject.prod.coreos.build.state.change"]
openqa_amqp_scheduler_url: "amqps://openqa:@rabbitmq.fedoraproject.org/%2Fpubsub"
openqa_amqp_smtp: bastion
openqa_assetsize: 500
openqa_email: adamwill@fedoraproject.org
openqa_fullname: Adam Williamson
openqa_hostname: localhost
openqa_nickname: adamwill
openqa_userid: http://adamwill.id.fedoraproject.org/
primary_auth_source: ipa
# http and NFS
tcp_ports: [80, 2049]

# from openqa_lab_workers
openqa_nfs_worker: false
openqa_workers: 4
openqa_createhdds_branch: rawhide-updates

# let's not do this
openqa_amqp_publisher_url: ""
